Barings Bank in 1995 couldn’t. JP Morgan wasn’t able to after the Enron scandal. Nor was Société Générale in 2008 when they lost 4.9 billion Euro.
Operational risk, as defined by the Basel Accord (Basel II) is “the risk of loss resulting from inadequate or failed internal processes, people, and systems or from external events.”
This is what many banks around the world and in Australia are proactively considering through their own Operational Risk scenario analysis. That by utilising this technique, senior managers can systematically consider the risks of potentially extreme (yet plausible) events and better determine their organisation’s ability to manage them.
Importantly, they are trying to find the right balance between:
- risk management – the organisational response to risks through management actions and the process of change to better address actual or potential risk exposures, and is often driven ‘bottom-up’
- risk measurement – focused on determining the potential costs of strategic and emerging risks, is closely linked to regulatory and risk-appetite, is less susceptible to bias and is often centrally-defined (‘top down’).
This highlights how scenario analysis has typically focused on group-driven ‘top-down’ measurement models or business-driven ‘bottom-up’ management models. But recent work by KPMG Australia, and a study KPMG Global in conjunction with ORX, has identified common building blocks and better practices for scenario analysis.
This linking of management and measurement is essential in developing scenarios that not only engage and make sense to management, but that fit the current business environment and concerns.
Today, however, banks utilise a number of scenario analysis methods depending on, for example, their circumstances or regulatory influence. This can lead to results that are difficult to objectively measure with any accuracy – especially when combined with bank-specific factors, including size, geography, business model, product offerings and regional legislation and regulation.
A common approach can help them better gauge the relative maturity of their risk scenario processes.
This approach utilises several high-level building blocks:
- Governance – that the scenario analysis has support and buy-in from all relevant stakeholders
- Preparation – that everyone fully understands the objective of the exercise and the details of the scenario
- Assessment – that a relevant team is assembled who can effectively estimating frequency and severity parameters for each scenario
- Validation – that the results are consistently and defensibly estimated with a systematic validation approach
- Reporting – that results are periodically reported to all appropriate groups.
Each of these building blocks is, in turn, made up of components that can be separately described and evaluated. All of which, when closely considered, enable banks to better assemble the right data, estimate their ability to manage risks, and determine the amount and type of loss that may occur.
By tightly aligning risk management and risk measurement, banks can strengthen the value of their scenario analysis and be better prepared for the unexpected.